FINRA Rule 4160 prohibits a member firm, upon notification by FINRA, from continuing to custody or retain record ownership of assets — whether proprietary or customer assets — at a financial institution that is not a member of FINRA, when that institution fails to provide FINRA with written verification of the assets maintained there upon FINRA staff's request. The rule is compact in its operative language but significant in its purpose: it provides FINRA with an indirect but effective mechanism for independently verifying the existence of assets that its member firms claim to hold at third-party custodians, addressing a gap in the regulatory oversight framework that became dramatically apparent following the disclosure of the Bernard Madoff Ponzi scheme in December 2008 and the Allen Stanford fraud in February 2009.
Rule 4160 sits within the 4100 Financial Condition subsection of the 4000 Financial and Operational Rules series. It was adopted by SR-FINRA-2010-042, effective February 1, 2011, with a simultaneous conforming amendment under SR-FINRA-2010-062. Regulatory Notice 10-61 announced the SEC's approval and the rule's effective date. The rule has not been amended since adoption and applies to all FINRA members including Capital Acquisition Brokers, which were expressly made subject to it by SR-FINRA-2015-054 effective April 14, 2017.
Rule 4160 was born directly from the post-crisis examination of how the Madoff and Stanford frauds evaded regulatory detection for so long. Bernard Madoff's investment advisory business, operated through his registered broker-dealer Bernard L. Madoff Investment Securities, fabricated decades of trading records showing securities positions that did not exist. The assets that Madoff claimed to hold on behalf of thousands of customers — ultimately determined to represent losses of approximately sixty-five billion dollars — were never independently verified by any regulator during the fraud's multi-decade operation. Allen Stanford's scheme, which cost investors approximately seven billion dollars, similarly involved fraudulent certificates of deposit purportedly held at Stanford International Bank in Antigua whose balances were never independently confirmed.
Both frauds exploited the same structural gap: FINRA had no authority to demand that a non-member financial institution — a bank, a foreign depository, an offshore custodian — provide verification of assets that a FINRA member claimed to hold there. FINRA could examine the member's own books and records, which showed the claimed asset positions. But if those records were fabricated, or if the assets simply did not exist at the third-party institution, FINRA had no direct regulatory lever to force the third party to confirm or deny the member's representations. The only path to independent verification ran through either the member itself — which in a fraud scenario was the source of the false information — or through the SEC or other regulators with jurisdiction over the custodian, a path that required interagency coordination and was rarely pursued on a routine basis.
Rule 4160 solved this problem through an indirect but commercially powerful mechanism. Rather than attempting to assert direct regulatory authority over non-member financial institutions — an authority FINRA does not possess — the rule operates through the member. When FINRA requests written verification of assets from a non-member financial institution and that institution fails to respond promptly, FINRA notifies the member that it may no longer maintain assets at that institution. The commercial consequences of that notification create powerful incentives for the institution to cooperate: a non-member bank or custodian that loses the assets of a FINRA member client because it refused to provide a routine verification letter has created a serious business problem for itself. As Regulatory Notice 10-61 acknowledged, FINRA recognized that there would be significant incentive for non-member institutions to comply with asset verification requests to retain members' business.
Rule 4160(a) states the operative prohibition in a single compound sentence. A member, when notified by FINRA, may not continue to custody or retain record ownership of assets — whether proprietary assets belonging to the member or customer assets held by the member for its clients — at a financial institution that is not a FINRA member, if that institution, upon FINRA staff's request, fails promptly to provide written verification of the assets maintained there.
The mechanism operates in sequence. FINRA staff identifies a situation in which independent verification of assets at a non-member institution is warranted — typically as part of a financial examination, in response to surveillance data raising questions about asset values in FOCUS reports, or in the context of an investigation into potential financial irregularities at a member. Staff sends a request for written verification directly to the non-member financial institution. If the institution responds promptly with the requested written verification, Rule 4160 is not triggered. If the institution fails to respond promptly — whether by ignoring the request, refusing to verify, providing verification that is incomplete or inconsistent with the member's records, or responding so slowly that timely regulatory assessment is impaired — FINRA notifies the member that it may no longer maintain assets at that institution.
The rule's scope covers both proprietary assets and customer assets without distinction. Proprietary assets are the member's own capital and investment holdings. Customer assets are securities and cash held on behalf of the member's clients, subject to the customer protection requirements of Exchange Act Rule 15c3-3. The equal treatment of both categories reflects the recognition that unverifiable proprietary assets create net capital integrity problems while unverifiable customer assets create direct investor protection failures — both are serious regulatory concerns, and Rule 4160 addresses them with the same mechanism.
The phrase "when notified by FINRA" is the operative trigger for the member's obligation. A member is not in violation of Rule 4160 merely because it holds assets at a non-member institution that has not yet been asked to verify. The violation occurs when FINRA has made the required request to the institution, the institution has failed to respond promptly, and FINRA has then notified the member — at which point the member must cease maintaining assets at that institution. Until FINRA issues the notification, the member has no obligation to take any action under Rule 4160 itself, though the member's other financial responsibility obligations under Rules 4110 and 4120 remain continuously operative.
Supplementary Material .01 establishes the timing standard for the required asset transfer. Any member required to transfer its proprietary and customer assets pursuant to Rule 4160 shall effect that transfer within a reasonable period of time. The rule does not specify a fixed number of days, recognizing that the complexity and scale of the required transfer will vary enormously depending on the nature and volume of assets involved. A member with a few proprietary cash positions at a single bank can transfer those positions rapidly. A member holding diverse customer securities positions across multiple asset classes at a foreign custodian may require a longer but still reasonable period to effect an orderly transfer without disrupting customer accounts or creating settlement failures.
The reasonable period of time standard places the obligation on the member to move promptly and in good faith, not to complete the transfer by any fixed deadline. FINRA's assessment of whether a particular transfer timeline was reasonable will consider the nature of the assets, the operational complexity of the transfer, the availability of suitable alternative custodians, and any third-party constraints — contractual lock-ups, settlement cycles, jurisdictional requirements — that affect the speed at which specific assets can be moved. A member that delays initiating a transfer or takes no meaningful steps toward completing one after receiving FINRA's notification has failed the reasonable period standard regardless of the ultimate difficulty of the transfer.
Rule 4160(b) provides two categorical exemptions from the rule's requirements.
The first exemption — Rule 4160(b)(1) — covers proprietary assets of members that are treated as non-allowable assets under Exchange Act Rule 15c3-1. Non-allowable assets are those that are deducted in their entirety from net worth when computing net capital under Rule 15c3-1 — assets deemed too illiquid, too speculative, or too difficult to value for inclusion in the net capital computation as allowable assets. The rationale for exempting these assets from Rule 4160's verification requirement is that their verification is irrelevant to the net capital compliance question: because they have already been fully deducted from net capital regardless of their stated value, the question of whether the stated value is accurate has no bearing on the member's net capital adequacy. A member that claims to hold a non-allowable asset worth one million dollars at a non-member institution will have the same net capital whether that asset is worth one million dollars or nothing — it is deducted either way. FINRA therefore has no net-capital-based reason to insist on independent verification of non-allowable assets.
The second exemption — Rule 4160(b)(2) — covers instances where FINRA determines that there is no independent custody or record ownership of the assets. This exemption addresses the scenario that arises in connection with certain financial instruments and arrangements where the member does not actually have a custody relationship with a separate institution — where the assets in question are not deposited at or held by a third-party institution in any sense that would make verification meaningful. The precise contours of this exemption are determined by FINRA on a case-by-case basis, and Regulatory Notice 10-61 directed members with questions about whether specific arrangements fall within this exemption to contact their FINRA Risk Monitoring Analyst.
Supplementary Material .02 makes an important clarification that prevents Rule 4160 from being misread as modifying the customer protection framework of Exchange Act Rule 15c3-3. Nothing in Rule 4160 shall be construed as altering in any manner a member's obligations under Rule 15c3-3. This statement is not merely precautionary — it reflects a genuine potential for confusion about the relationship between the two rules.
Exchange Act Rule 15c3-3 — the Customer Protection Rule — requires carrying broker-dealers to maintain customer fully paid and excess margin securities in good control locations and to maintain a special reserve bank account for the exclusive benefit of customers. The good control location requirements specify approved custodians and depositories for customer securities, and the reserve account requirements govern how customer cash must be segregated. Rule 4160 does not affect any of these obligations. A member that receives a FINRA notification under Rule 4160 and is required to transfer assets away from a non-member institution must transfer those assets to a location that satisfies its Rule 15c3-3 good control location requirements — it cannot simply move customer securities to any convenient custodian. The Rule 4160 obligation to move assets and the Rule 15c3-3 obligation to hold them in approved locations are simultaneous and must both be satisfied. A member that transfers customer securities in response to a Rule 4160 notification to a location that does not qualify as a good control location has cured one compliance failure while creating another.
Rule 4160's significance in the post-Madoff regulatory landscape extends beyond its specific operative provisions. It represents a structural acknowledgment by FINRA that the integrity of a member's financial reporting depends not only on the accuracy of the member's own books and records — the traditional focus of financial examinations — but also on the independent confirmability of the assets those records describe. A member's FOCUS reports, net capital computations, and customer account statements are only as reliable as the assets they purport to reflect, and assets held at non-member institutions are inherently less visible to FINRA than assets held at FINRA member depositories such as the Depository Trust Company.
The rule strongly encourages — though does not require — members to enter into written contracts with non-member financial institutions maintaining their proprietary or customer assets that would obligate those institutions to comply with FINRA staff verification requests. Regulatory Notice 10-61 noted this encouragement explicitly. A member that has contractually secured its custodian's commitment to respond to FINRA verification requests is in a stronger compliance position than one that relies on the custodian's voluntary cooperation, and the practical risk of receiving a Rule 4160 notification is substantially lower where the custodian is contractually bound to respond promptly. For members whose business model involves significant custody arrangements at non-member institutions — foreign banks, trust companies, private custodians — implementing such contractual protections is a sound compliance best practice regardless of the rule's minimum requirements.
The interaction between Rule 4160 and FINRA Rule 4150 is worth noting. Rule 4150 requires prior notice and approval for guarantees and flow through arrangements that may affect net capital. Rule 4160 addresses the independent verifiability of the assets that underlie net capital computations. Together the two rules address the two primary ways in which a member's reported capital position can differ from its actual financial condition: through financial commitments that artificially inflate apparent capital, and through asset values that cannot be independently confirmed.
FINRA Rule 4160 is tested on the Series 27 Financial and Operations Principal examination as part of the financial responsibility and asset custody framework. Series 24 General Securities Principal candidates encounter the rule in the context of supervisory obligations for financial condition and the custody of customer assets. The rule's connection to the post-Madoff regulatory reforms and its relationship to the customer protection obligations of Exchange Act Rule 15c3-3 make it relevant to any examination covering broker-dealer financial responsibility and asset safeguarding.
The key points to retain are these: FINRA Rule 4160 prohibits a member, upon notification from FINRA, from continuing to custody or retain record ownership of assets — proprietary or customer — at a non-member financial institution that fails to provide FINRA staff with prompt written verification of assets maintained by the member there; the rule operates indirectly by leveraging the commercial relationship between the member and the non-member institution — the institution's incentive to retain the member's assets motivates cooperation with FINRA verification requests; the member's obligation to transfer assets is triggered by FINRA's notification, not merely by the institution's failure to verify, and the transfer must be completed within a reasonable period of time; two exemptions apply — proprietary assets treated as non-allowable under Exchange Act Rule 15c3-1 are exempt because their verification is irrelevant to net capital compliance, and assets for which FINRA determines there is no independent custody or record ownership are exempt; nothing in Rule 4160 modifies a member's obligations under Exchange Act Rule 15c3-3, meaning that any required asset transfer must be to a location that satisfies the customer protection rule's good control location requirements; FINRA strongly encourages members to enter into written contracts with non-member custodians requiring them to respond to FINRA verification requests, though such contracts are not mandated by the rule; and Rule 4160 was adopted in direct response to the Madoff and Stanford frauds, addressing the regulatory gap that allowed fabricated asset positions at non-member institutions to go undetected for years.